Note: Because Edge originally supported SSL, you will see some
instances in the Edge UI, Edge XML, and Edge properties that use the term "SSL". For example, the
menu entry in the Edge UI that you use to view certs is called SSL
Certificates, the XML tag that you use to configure a virtual host to use TLS is named
<SSLInfo>, and the property
to set the SSL port for the management API is conf_webserver_ssl.port.

Regardless of the environment configuration for your management API—for example, whether
you’re using a proxy, a router, and/or a load balancer in front of your management API (or
not)— Edge lets you enable and configure TLS, giving you control over message encryption in
your on-premise API management environment.

For an on-premises installation of Edge Private Cloud, there are several places where you can
configure TLS:

Between a Router and Message Processor

For access to the Edge management API

For access to the Edge management UI

For access from an app to your APIs

For access from Edge to your backend services

Configuring TLS for the first three items is described below. All of these procedures assume
that you have created a JKS file containing your TLS certification and private key.

Creating a JKS file

You represent the keystore as a JKS file, where the keystore contains your TLS certificate and
private key. There are several ways to create a JKS file, but one way is to use the openssl and
keytool utilities.

Note: If you have a certificate chain, all certs in the chain must be
appended in order into a single PEM file, where the last certificate is signed by a
CA.

For example, you have a PEM file named server.pem containing your TLS certificate
and a PEM file named private_key.pem containing your private key. Use the following commands to
create the PKCS12 file:

Generating an obfuscated password

Some parts of the Edge TLS configuration procedure require you to enter an obfuscated password
in a configuration file. An obfuscated password is a more secure alternative to entering your
password in plain text.

You can generate an obfuscated password in Java by using the Jetty .jar files installed with
Edge. Generate the obfuscated password by using a command in the form: